From owner-freebsd-questions@freebsd.org Tue Jan 26 04:28:44 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 0362D4FEA9D for ; Tue, 26 Jan 2021 04:28:44 +0000 (UTC) (envelope-from david@skytracker.ca) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 4DPtyz5bVgz4hcZ for ; Tue, 26 Jan 2021 04:28:43 +0000 (UTC) (envelope-from david@skytracker.ca) Received: by mailman.nyi.freebsd.org (Postfix) id BD9704FEA9C; Tue, 26 Jan 2021 04:28:43 +0000 (UTC) Delivered-To: questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id BD4F94FE865 for ; Tue, 26 Jan 2021 04:28:43 +0000 (UTC) (envelope-from david@skytracker.ca) Received: from pmta11.teksavvy.com (pmta11.teksavvy.com [76.10.157.34]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.teksavvy.com", Issuer "DigiCert SHA2 High Assurance Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4DPtyy5YjFz4hlF for ; Tue, 26 Jan 2021 04:28:42 +0000 (UTC) (envelope-from david@skytracker.ca) IronPort-SDR: PmIefoxRPoMIcLZIABd78P8hYoVMwzHBxN3kCukuFyj5Fbh7MRAUTyidqsluLG6RegYMopZulW H3pO66WqJJYQ== X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A2FKCwDmmQ9g/yWexEViHAEBAQEBAQc?= =?us-ascii?q?BARIBAQQEAQFAgU+CPAFkWGGTf4FqLQODfZZcgV8JCwEBAQEBAQEBAQkYCwk?= =?us-ascii?q?BAgQBAQKEBEQCgXkCJTgTAgMBAQsBAQEFAQEBAQEGBAIChk4Mg1WBBwEBAQE?= =?us-ascii?q?BAQEBAQEBAQEBAQEBAQEWAg1UaQEBAQMBASULAQUWIBsLDgonBycBCRUDAQ0?= =?us-ascii?q?GAQcFAgQBAQEBFgMBA4MFAYMGBAuyMIEBM4kIgT4GgTiGboJdg3MmG4IAgTi?= =?us-ascii?q?BdH4+gl0BBIEnARECAQiGEQSCPmAsChsQWAMWbCQhDgGdD5tbgwGBHYgTi0W?= =?us-ascii?q?GbgUKH4EjkXePXpQeix+KFIdVgTmDPoFtaCNwMxoIMDuCaRM9GQ1WjVcXiGK?= =?us-ascii?q?FYiMzESYCBgoBAQMJVwGLPQEB?= X-IPAS-Result: =?us-ascii?q?A2FKCwDmmQ9g/yWexEViHAEBAQEBAQcBARIBAQQEAQFAg?= =?us-ascii?q?U+CPAFkWGGTf4FqLQODfZZcgV8JCwEBAQEBAQEBAQkYCwkBAgQBAQKEBEQCg?= =?us-ascii?q?XkCJTgTAgMBAQsBAQEFAQEBAQEGBAIChk4Mg1WBBwEBAQEBAQEBAQEBAQEBA?= =?us-ascii?q?QEBAQEWAg1UaQEBAQMBASULAQUWIBsLDgonBycBCRUDAQ0GAQcFAgQBAQEBF?= =?us-ascii?q?gMBA4MFAYMGBAuyMIEBM4kIgT4GgTiGboJdg3MmG4IAgTiBdH4+gl0BBIEnA?= =?us-ascii?q?RECAQiGEQSCPmAsChsQWAMWbCQhDgGdD5tbgwGBHYgTi0WGbgUKH4EjkXePX?= =?us-ascii?q?pQeix+KFIdVgTmDPoFtaCNwMxoIMDuCaRM9GQ1WjVcXiGKFYiMzESYCBgoBA?= =?us-ascii?q?QMJVwGLPQEB?= X-IronPort-AV: E=Sophos;i="5.79,375,1602561600"; d="scan'208";a="155924027" Received: from 3s1.com ([69.196.158.37]) by smtp11.teksavvy.com with ESMTP/TLS/DHE-RSA-AES128-SHA; 25 Jan 2021 23:28:40 -0500 Received: from [192.168.3.101] ([82.102.30.130]) (authenticated bits=0) by 3s1.com (8.14.9/8.14.9) with ESMTP id 10Q4ScNi050635; Mon, 25 Jan 2021 23:28:39 -0500 (EST) (envelope-from david@skytracker.ca) Subject: Re: clamd appears to hanging From: David Banning To: Doug Hardie , questions@freebsd.org References: <20210124160938.GA82891@skytracker.ca> <485b6c93-6729-becd-5e01-262299327e1c@daveyelectric.ca> Message-ID: <49ee8426-64f1-c081-8a98-a3c3e322937a@skytracker.ca> Date: Mon, 25 Jan 2021 23:28:17 -0500 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.6.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-Virus-Scanned: clamav-milter 0.98.1 at 3s1.com X-Virus-Status: Clean X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.4.3 (3s1.com [192.168.1.50]); Mon, 25 Jan 2021 23:28:40 -0500 (EST) X-Rspamd-Queue-Id: 4DPtyy5YjFz4hlF X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=softfail (mx1.freebsd.org: 76.10.157.34 is neither permitted nor denied by domain of david@skytracker.ca) smtp.mailfrom=david@skytracker.ca X-Spamd-Result: default: False [-3.20 / 15.00]; ARC_NA(0.00)[]; RBL_DBL_DONT_QUERY_IPS(0.00)[76.10.157.34:from]; FREEFALL_USER(0.00)[david]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; MID_RHS_MATCH_FROM(0.00)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[skytracker.ca]; NEURAL_HAM_LONG(-1.00)[-1.000]; R_SPF_SOFTFAIL(0.00)[~all:c]; SPAMHAUS_ZRD(0.00)[76.10.157.34:from:127.0.2.255]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_HAM_SHORT(-1.00)[-1.000]; RCPT_COUNT_TWO(0.00)[2]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:5645, ipnet:76.10.128.0/19, country:CA]; RCVD_TLS_LAST(0.00)[]; MAILMAN_DEST(0.00)[questions]; RCVD_IN_DNSWL_LOW(-0.10)[76.10.157.34:from] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Jan 2021 04:28:44 -0000 Well that was it.  It looks like changing a setting in /usr/local/etc/clamav-milter.conf did the trick. Thanks for your help.  Pardon me for top posting - it that still out of style on this board? On 2021-01-25 11:18 p.m., David Banning wrote: > Well - that was something - it looks like the Avast running on my > Windows laptop alters the header of each email for viewing just on my > laptop.  When I look at the headers of each email from the shell using > Mutt there are no modified headers. But it -does- appears they are > being scanned for viruses - here is a clip the log from > /var/log/clamav/clamd.log > > > Mon Jan 25 13:04:21 2021 -> fd[10]: OK > Mon Jan 25 13:14:20 2021 -> SelfCheck: Database status OK. > Mon Jan 25 13:23:15 2021 -> fd[10]: Win.Test.EICAR_HDB-1 FOUND > Mon Jan 25 13:24:37 2021 -> SelfCheck: Database status OK. > Mon Jan 25 13:27:19 2021 -> fd[11]: Win.Test.EICAR_HDB-1 FOUND > Mon Jan 25 13:34:37 2021 -> SelfCheck: Database status OK. > Mon Jan 25 13:44:46 2021 -> SelfCheck: Database status OK. > Mon Jan 25 13:44:46 2021 -> fd[10]: OK > Mon Jan 25 13:48:05 2021 -> fd[10]: OK > Mon Jan 25 13:55:11 2021 -> SelfCheck: Database status OK. > Mon Jan 25 13:55:12 2021 -> fd[10]: OK > Mon Jan 25 13:57:40 2021 -> fd[10]: OK > Mon Jan 25 14:00:22 2021 -> fd[10]: OK > Mon Jan 25 14:01:10 2021 -> fd[10]: OK > Mon Jan 25 14:03:24 2021 -> fd[10]: OK > Mon Jan 25 14:04:15 2021 -> fd[10]: OK > Mon Jan 25 14:05:09 2021 -> fd[10]: OK > Mon Jan 25 14:06:15 2021 -> SelfCheck: Database status OK. > Mon Jan 25 14:06:15 2021 -> fd[10]: OK > > > It shows the two emails I tried sending with the Eicar fake virus.  > And /var/maillog shows simply; > > Jan 25 13:27:19 3s1 sm-mta[82154]: 10PIRI8l082154: milter=clmilter, > quarantine=quarantined by clamav-milter > > So it appears to scanning for the viruses - I will look to see if > there are any setting in the configuration files that might add the > headers. > > > On 2021-01-25 9:19 p.m., Doug Hardie wrote: >> Clamav headers look like: >> >> X-Virus-Scanned: clamav-milter 0.103.0 at mail >> >> I don't think those are from clamav.  Are you also using Avast? >> >> -- Doug >> >>> On 25 January 2021, at 17:50, David Banning >> > wrote: >>> >>> Turns out all is good - I see there is a header now in each email; >>> >>> X-Antivirus: Avast (VPS 210125-8, 2021-01-25), Inbound message >>> X-Antivirus-Status: Clean >>> >>> which I am assuming is from Clamav. >>> On 2021-01-25 2:00 p.m., David Banning wrote: >>>> thanks for that - it turns out that when I waited,  spamd -does- >>>> eventually start - I think it took 45 minutes - knowing that it was >>>> operating was only from sending the eicar virus to myself - it >>>> shows that it caught it in the maillog,  but no email cleaned >>>> version of the email arrived,  and there is no header in clean >>>> emails to show they have been checked - but it works.  That's the >>>> good news.  It would be helpful to have -something- that tells me >>>> that it is operating - even an occasional clean scan note in >>>> maillog would be great. >>>> >>>> I'll keep an eye to see if it continues to take a long time to >>>> start at boot time - I may have to have it -not- start at boot, and >>>> start it manually. >>>> >>>> >>>> On 2021-01-25 5:00 a.m., Doug Hardie wrote: >>>>>> On 24 January 2021, at 08:09, David Banning >>>>>> wrote: >>>>>> >>>>>> I just installed clamd on an older version of Freebsd. Freshclam >>>>>> appears to be working fine, but clamd seems to hang, which >>>>>> prevents my server from booting. >>>>>> I don't see anything in the log; >>>>>> >>>>>> >>>>>> Any pointers towards getting this up and running would be helpful. >>>>>> The Freebsd version and Clamd version are noted at the beginning >>>>>> of the log. >>>>> Clamd may be waiting on freshclam.  However, it still takes clamd >>>>> "forever" to load the virus database.  You have 2 options: >>>>> >>>>> 1.  If you connect to the machine via ssh, then edit >>>>> /etc/rc.d/sshd and add FILESYSTEMS to the REQUIRE line. That will >>>>> cause sshd to become active before clamd tries to start up.  You >>>>> will be able to poke around and see what is going on. >>>>> >>>>> 2.  If you use a directly connected terminal, then disable clamd >>>>> and freshclam in /etc/rc.d.  Boot up and then start them up >>>>> manually.  You do need to run freshclam first though. >>>>> >>>>> In any case, be prepared to wait a long time for clamd to start. >>>>> >>>>> -- Doug >>>>> >>>>> >>>>> _______________________________________________ >>>>> freebsd-questions@freebsd.org mailing list >>>>> https://lists.freebsd.org/mailman/listinfo/freebsd-questions >>>>> To unsubscribe, send any mail to >>>>> "freebsd-questions-unsubscribe@freebsd.org" >>>>> >>>> >> > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" >